A Guide for Streamlining CIP-007 and CIP-010 Compliance

Patch management is a critical aspect of ensuring the security of any organization that is responsible for managing critical infrastructure.

This is particularly true for energy utilities, which are often the target of cyber threats. The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) standard CIP-007 mandates strict patch management practices in order to adequately prepare these utilities to defend against the increasingly volatile cyber threats that they face in today's digital landscape. In summary, there are four different CIP requirements that will be discussed in this white paper:

CIP-007-6 R2.1: Utilities must have a source to demonstrate patch management practices for auditors.
CIP-007-6 R2.2 and R2.3: Utilities must discover any patches that have come available within 35-days of availability and then install those patches within the next 35-days following discovery.
CIP-010-4 R1.6: Before installing, the authenticity of patches and other software must be verified.
CIP-010-4 R1.6: In addition, the integrity of patches and software must be evaluated to make sure no risks are introduced into the organization’s assets.

Whitepapers

A Guide for Streamlining CIP-007 and CIP-010 Compliance

SBOM Use Cases for Asset Owners

Enhancing Cybersecurity Best Practices with Software Bill of Materials (SBOM)

A2V Supplier Security Network for Cyber-Supply Chain Risk Management (C-SCRM)

Software Bill of Materials (SBOM) Consumer Use Cases

Whitepapers

A Guide for Streamlining CIP-007 and CIP-010 Compliance

Related Resources

SBOM Use Cases for Asset Owners

Enhancing Cybersecurity Best Practices with Software Bill of Materials (SBOM)

A2V Supplier Security Network for Cyber-Supply Chain Risk Management (C-SCRM)

Software Bill of Materials (SBOM) Consumer Use Cases

Sign up for our Newsletter